AIS is a global system for tracking the movement of vessels. It is intended to supplement marine radar and relies on ship, land and satellite-based systems to exchange data on ships’ position, course and speed and is used for everything from collision avoidance to security, ship-to-ship communications and weather forecasting.
AIS is required to be deployed on all passenger vessels and on international-voyaging ships with gross tonnage of 300 or more. However, researchers Marco Balduzzi and Kyle Wilhoit found that AIS is rife with exploitable software- and protocol vulnerabilities. Chief among them are flaws in the AIS protocol which was developed in a “hardware epoch” and lacks even basic security features such as authentication and message integrity checks. While hacks of radio-based systems like AIS would have been expensive and difficult to conduct 10 or 15 years ago, the advent of tools like Software Defined Radio make it possible to craft sophisticated attacks with just a small investment, the researchers discovered.
In their work, Balduzzi and Wilhoit – working with an independent security researcher – were able to use software-defined radio based attacks to trigger a range of phony messages, from false SOS and “man in the water” distress beacons to fake CPA (or Closest Point of Approach) alert and collision warnings on an AIS system set up in a lab environment. A copy of their ACSAC presentation slides can be found here: http://blog.trendmicro.com/tre...
The two have written about AIS vulnerabilities before, including susceptibility of AIS to man-in-the-middle attacks (http://blog.trendmicro.com/trendlabs-security-intelligence/captain-where-is-your-ship-compromising-vessel-tracking-systems/). Their latest work expands the list of attacks and vulnerabilities found in AIS to include both software and RF-based hacks, SQL injection, buffer overflow and so on."
Link to Original Source